Andreas Steffen
7e20062fdf
Added hostapd package to base image
2013-03-22 23:53:39 +01:00
Andreas Steffen
8f72ba4aff
Added Framed-IP-Address information to RADIUS accounting records
2013-03-22 23:52:01 +01:00
Andreas Steffen
9fa9f68d8d
enforce singular of packets
2013-03-22 21:14:04 +01:00
Tobias Brunner
48d82a7dc7
asprintf(3) requires _GNU_SOURCE to be defined
2013-03-22 19:42:15 +01:00
Andreas Steffen
0b6c43f038
Added ikev2/rw-eap-framed-ip-radius scenario
2013-03-22 19:08:42 +01:00
Andreas Steffen
4a3c1cdc2b
Store debug output from standalone IMC/IMVs
2013-03-22 16:45:24 +01:00
Andreas Steffen
1eada67bcb
Added ikev2/ip-two-pools-v4v6-db scenario
2013-03-22 12:18:43 +01:00
Tobias Brunner
79306b7e6e
Use proper integer types when handling TLS exchanges
...
tls_t.build takes a size_t argument not a ssize_t.
2013-03-22 11:40:57 +01:00
Tobias Brunner
03237238b8
Check return value of asprintf(3) when converting AR identity
...
Using chunk_t.ptr as target was also not optimal as it resulted in
a compiler warning.
2013-03-22 11:34:16 +01:00
Andreas Steffen
753e0a0099
version bump to 5.0.3rc1
2013-03-22 10:38:25 +01:00
Andreas Steffen
a1bc67d6c9
Switch encoding of AR Identity Value from binary to UTF-8
2013-03-22 10:37:49 +01:00
Reto Buerki
3db17b0ccc
Fixed TKM build
2013-03-22 10:35:48 +01:00
Andreas Steffen
2c80ab3def
Build TNC-enabled wpa_supplicant
2013-03-22 10:33:39 +01:00
Andreas Steffen
6e58f0a34f
activate logging before loading plugins
2013-03-21 18:04:31 +01:00
Martin Willi
dd3c243844
Add a load-tester option to keep allocated external address until shutdown
2013-03-21 10:29:23 +01:00
Tobias Brunner
24b5e71522
android: No need to disable CMS explicitly
...
The version check introduced with 0d237763 should take care of it.
2013-03-20 17:02:37 +01:00
Tobias Brunner
665fac2433
Allow up to 10 NAT-D payloads in IKEv1 messages
2013-03-20 16:20:39 +01:00
Tobias Brunner
1a71178940
Avoid a race condition when reloading secrets from ipsec.secrets
...
With the previous implementation that cleared the secrets in the active
credential set and then loaded the secrets, IKE SA establishment would
fail (as initiator or responder) if secrets are concurrently reloaded
and the required secret was not yet loaded.
2013-03-20 15:27:34 +01:00
Tobias Brunner
d307be7f6c
Add a method to replace all secrets in a mem_cred_t object
2013-03-20 15:27:34 +01:00
Tobias Brunner
29d93e2470
android: Build native libraries also for x86
...
Requires an updated build script for Vstr.
2013-03-20 15:24:27 +01:00
Tobias Brunner
51f2905d9b
android: libtnccs requires headers from libtls
2013-03-20 15:24:27 +01:00
Tobias Brunner
9a4d06df44
android: Fix Android.mk for ipsec script
2013-03-20 15:24:27 +01:00
Tobias Brunner
e5d819b617
android: Remove/filter header files from LOCAL_SRC_FILES
...
This avoids huge warnings when building the native code.
2013-03-20 15:24:26 +01:00
Tobias Brunner
8249f288f2
android: Request and install an IPv6 DNS server
2013-03-20 15:24:26 +01:00
Tobias Brunner
ee66565d43
android: Also request a virtual IPv6 address and propose IPv6 TS
...
This allows IPv6 over IPv4 but falls back nicely if we don't get a
virtual IPv6 (or IPv4) address.
2013-03-20 15:24:26 +01:00
Tobias Brunner
c994ec3b70
ipsec: Increased log level for message in case no outbound policy is found
...
This might happen on Android if sockets are bound to the physical IP
address but packets are still routed via TUN device. Since it seems to
happen quite often (or for stuff that requires regular traffic) this
hides these messages from the default log.
2013-03-20 15:24:26 +01:00
Martin Willi
e2d2b542f1
Add an option to autobalance a HA cluster automatically
2013-03-19 16:54:20 +01:00
Martin Willi
33524f02f9
Check if for some reason we handle a HA segment on both nodes
2013-03-19 16:50:39 +01:00
Martin Willi
21f40fe891
Acquire HA segment lock while sending heartbeat
2013-03-19 16:50:39 +01:00
Tobias Brunner
e8526ae991
Removed unused variable 'id'
2013-03-19 16:37:40 +01:00
Tobias Brunner
5e551da16b
Properly cleanup libmysql
...
Seems to work correctly with recent MySQL versions.
2013-03-19 16:33:07 +01:00
Tobias Brunner
2ac772a5d0
Use proper address family when adding multiple addresses to SQL pool
2013-03-19 16:33:07 +01:00
Tobias Brunner
fe62707209
Ignore SQL-based IP address pools if their address family does not match
2013-03-19 16:33:07 +01:00
Tobias Brunner
1b33e6c4ca
charon-nm: Add dependencies to CERT_DECODE and PRIVKEY plugin features
...
This ensures the NM-specific credential set is unloaded before any
implementation of certificate/key objects, which causes a segmentation
fault during shutdown.
2013-03-19 16:25:26 +01:00
Tobias Brunner
3651c8dcd5
charon-nm: Prevent NM from changing the default route
...
This is not required as we install our own (narrow) route(s) in our own
routing table. This should allow split tunneling if configured on the
gateway.
2013-03-19 16:25:26 +01:00
Tobias Brunner
9cf09ecad7
charon-nm: Use VIP (if any) as local address
...
NM will install this address on the provided device.
2013-03-19 16:25:26 +01:00
Tobias Brunner
c15eea7306
charon-nm: Pass a dummy TUN device to NetworkManager
...
NetworkManager modifies the addresses etc. on this interface so using
"lo" is not optimal. With the dummy interface NM is free to do its
thing.
2013-03-19 16:25:26 +01:00
Tobias Brunner
b7645a5d30
charon-nm: Fix NM plugin utility macros
2013-03-19 16:25:26 +01:00
Tobias Brunner
e7017a6bb9
Ignore 'compile' script which is generated by AM_PROG_CC_C_O
2013-03-19 16:19:11 +01:00
Tobias Brunner
68bfee4bc4
Avoid returning COOKIEs right after system boot
...
When the monotonic timer is initialized to 0 right after the system is
booted, the daemon responded with COOKIEs for COOKIE_CALMDOWN_DELAY (10s).
Since the COOKIE verification code actually produces an overflow for
COOKIE_LIFETIME (10s) it wouldn't even accept properly returned COOKIEs.
Checking for last_cookie makes sense anyway as that condition must only
apply if we actually sent a COOKIE before.
2013-03-19 16:19:11 +01:00
Martin Willi
2071dd63d6
Fix scheduling of heartbeat sending in HA plugin
...
e0efd7c1 switches to automated job rescheduling for HA heartbeat. However,
send_status() is initially called directly, which will not reschedule the job
as required.
2013-03-19 15:48:27 +01:00
Martin Willi
5cf3afd1fa
Fix compiler warning in HA plugin
2013-03-19 15:48:27 +01:00
Tobias Brunner
7f0f185bed
Merge branch 'tkm'
...
This adds charon-tkm, a special build of the charon IKEv2 daemon that delegates
security-critical operations to a separate process (TKM = Trusted Key Manager).
2013-03-19 15:25:38 +01:00
Adrian-Ken Rueegsegger
7cc6fa1a98
Various stylistic fixes
2013-03-19 15:24:36 +01:00
Reto Buerki
db50a35ad8
Add NEWS about TKM separation
2013-03-19 15:24:36 +01:00
Adrian-Ken Rueegsegger
c57b7a66c3
Use network byte order for ESA SPIs
2013-03-19 15:23:51 +01:00
Adrian-Ken Rueegsegger
e2928a3e8c
Provide MODP-2048 through TKM DH plugin
2013-03-19 15:23:51 +01:00
Adrian-Ken Rueegsegger
7f21523abd
Add charon-tkm API documentation
2013-03-19 15:23:51 +01:00
Reto Buerki
0063e03325
Do not hardwire keys to KEY_RSA
...
Make the TKM private and public keys more easily extendable by
determining the associated key type dynamically.
2013-03-19 15:23:51 +01:00
Reto Buerki
38c1fd3cb1
Provide TKM credential encoder
...
The TKM credential encoder creates fingerprints of type
KEYID_PUBKEY_INFO_SHA1 and KEYID_PUBKEY_SHA1 using
CRED_PART_RSA_PUB_ASN1_DER.
This makes the pkcs1 plugin unnecessary.
2013-03-19 15:23:51 +01:00